<?php

session_start();
// check if form was submitted, or just something we show for the first time
  if (isset($_POST['firstName'])) {
    // form was submitted, getting information
	$firstName = $_POST['firstName'];
	$lastName = $_POST['lastName'];
	$phone = $_POST['phone'];
	$address = $_POST['address'];
	$city = $_POST['city'];
	$state = $_POST['state'];
	$zipCode = $_POST['zipCode'];
	$university = $_POST['university'];

	$email = $_POST['email'];
	$confirmEmail = $_POST['confirmEmail'];

	$password = $_POST['password'];
	$confirmPassword = $_POST['confirmPassword'];
	if ($password !== '******' && $password == $confirmPassword) {
		$change_pass = 1;
	} else {
		$change_pass = 0;
	}
  
	// connection settings stored in file
	include("connectionParameters.php");
		
	$connection = mysql_connect($host,$user,$pass)
		or die ("Can't connect to server, try again later, please");

	mysql_select_db($database);
	
	$query =
		'UPDATE `Users` SET '
			.'`firstName` = "' . $firstName . '",'
			.'`lastName` = "' . $lastName . '",'
			.'`phone` = "' . $phone . '",'
			.'`address` = "' . $address . '",'
			.'`city` = "' . $city . '",'
			.'`state` = "' . $state . '",'
			.'`zipCode` = "' . $zipCode . '",'
			.'`university` = "' . $university . '",'
			.'`email` = "' . $email . '"'
			. ($change_pass ? ',`password` = MD5("' . $password . '")' : '')
		.' WHERE `userId` = ' . $_SESSION['userId'];

	$result = mysql_query($query,$connection)
		or die ("Problem with updating profile information, please try again later. SQL");

	mysql_close($connection);
  }

  header("Location:profile.php");
?>